CVE-2011-2187
Published: 27 November 2019
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
Notes
Author | Note |
---|---|
jdstrand | only 5.13 affected |
Priority
Status
Package | Release | Status |
---|---|---|
xscreensaver Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
(5.12-0ubuntu3)
|
|
oneiric |
Not vulnerable
(5.14-1ubuntu1)
|
|
upstream |
Released
(5.14-1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |